hrev52895 adds 3 changesets to branch 'master'
old head: 451214163224e75d3ec07cbb1d1e9d59fad2ca11
new head: a31244d098b7f249b0d0f2d89d3020ebd10d8ead
overview:
https://git.haiku-os.org/haiku/log/?qt=range&q=a31244d098b7+%5E451214163224
----------------------------------------------------------------------------
b7223dc11fb8: accelerants/radeon: Fix potential memory leak
* Fix potential leak of 'node' at line 147, which is allocated
at line 123. Pointed out by Clang Static Analyzer.
* Remove trailing tabs.
Change-Id: I2289dfb5a9d0ada1fd7fc3854906d66a730b5bcb
Reviewed-on: https://review.haiku-os.org/c/1058
Reviewed-by: Adrien Destugues <pulkomandy@xxxxxxxxx>
d938c7118f2b: userlandfs/server/fuse: Fix potential memory leak
* Fix potential leak of 'cookie' at line 2206, which is allocated
at line 2203. Pointed out by Clang Static Analyzer.
* Add NULL check to 'cookie'.
Change-Id: Ibfdbe3a52ceb0d29adf1acca51fb7b27d2c532f3
Reviewed-on: https://review.haiku-os.org/c/1065
Reviewed-by: Adrien Destugues <pulkomandy@xxxxxxxxx>
a31244d098b7: mail: Fix potential memory leak
Fix memory leak when realloc() failed.
Pointed out by Clang Static Analyzer.
Change-Id: I13f758c4d89275651e22785652d0880a6d5b1a8e
Reviewed-on: https://review.haiku-os.org/c/1064
Reviewed-by: Adrien Destugues <pulkomandy@xxxxxxxxx>
[ Murai Takashi <tmurai01@xxxxxxxxx> ]
----------------------------------------------------------------------------
3 files changed, 52 insertions(+), 42 deletions(-)
.../accelerants/radeon/overlay_management.c | 77 ++++++++++----------
.../userlandfs/server/fuse/FUSEVolume.cpp | 6 +-
src/apps/mail/Content.cpp | 11 ++-
############################################################################
Commit: b7223dc11fb868f4e5edde9387434769b5fc5912
URL: https://git.haiku-os.org/haiku/commit/?id=b7223dc11fb8
Author: Murai Takashi <tmurai01@xxxxxxxxx>
Date: Wed Feb 13 21:37:15 2019 UTC
Committer: waddlesplash <waddlesplash@xxxxxxxxx>
Commit-Date: Tue Feb 19 18:31:44 2019 UTC
accelerants/radeon: Fix potential memory leak
* Fix potential leak of 'node' at line 147, which is allocated
at line 123. Pointed out by Clang Static Analyzer.
* Remove trailing tabs.
Change-Id: I2289dfb5a9d0ada1fd7fc3854906d66a730b5bcb
Reviewed-on: https://review.haiku-os.org/c/1058
Reviewed-by: Adrien Destugues <pulkomandy@xxxxxxxxx>
----------------------------------------------------------------------------
diff --git a/src/add-ons/accelerants/radeon/overlay_management.c
b/src/add-ons/accelerants/radeon/overlay_management.c
index 4fdb41f45b..b8ad2022e1 100644
--- a/src/add-ons/accelerants/radeon/overlay_management.c
+++ b/src/add-ons/accelerants/radeon/overlay_management.c
@@ -1,9 +1,9 @@
/*
Copyright (c) 2002, Thomas Kurschel
-
+
Part of Radeon accelerant
-
+
Overlay interface
*/
@@ -31,7 +31,7 @@ uint32 OVERLAY_COUNT( const display_mode *dm )
SHOW_FLOW0( 3, "" );
(void) dm;
-
+
return 1;
}
@@ -41,7 +41,7 @@ uint32 OVERLAY_COUNT( const display_mode *dm )
const uint32 *OVERLAY_SUPPORTED_SPACES( const display_mode *dm )
{
SHOW_FLOW0( 3, "" );
-
+
(void) dm;
return overlay_colorspaces;
@@ -53,7 +53,7 @@ const uint32 *OVERLAY_SUPPORTED_SPACES( const display_mode
*dm )
uint32 OVERLAY_SUPPORTED_FEATURES( uint32 color_space )
{
SHOW_FLOW0( 3, "" );
-
+
(void) color_space;
return
@@ -75,7 +75,7 @@ const overlay_buffer *ALLOCATE_OVERLAY_BUFFER( color_space
cs, uint16 width, uin
overlay_buffer *buffer;
status_t result;
uint ati_space, test_reg, bpp;
-
+
SHOW_FLOW0( 3, "" );
switch( cs ) {
@@ -119,11 +119,11 @@ const overlay_buffer *ALLOCATE_OVERLAY_BUFFER(
color_space cs, uint16 width, uin
SHOW_FLOW( 3, "Unsupported format (%x)", (int)cs );
return NULL;
}
-
+
node = malloc( sizeof( overlay_buffer_node ));
if( node == NULL )
return NULL;
-
+
node->ati_space = ati_space;
node->test_reg = test_reg;
@@ -131,42 +131,43 @@ const overlay_buffer *ALLOCATE_OVERLAY_BUFFER(
color_space cs, uint16 width, uin
// alloc graphics mem
buffer = &node->buffer;
-
+
buffer->space = cs;
buffer->width = width;
buffer->height = height;
buffer->bytes_per_row = (width * bpp + 0xf) & ~0xf;
-
+
am.magic = RADEON_PRIVATE_DATA_MAGIC;
am.size = buffer->bytes_per_row * height;
am.memory_type = mt_local;
am.global = false;
-
+
result = ioctl( ai->fd, RADEON_ALLOC_MEM, &am );
if( result != B_OK )
goto err;
-
+
node->mem_handle = am.handle;
node->mem_offset = am.offset;
buffer->buffer = si->local_mem + am.offset;
buffer->buffer_dma = (void *) ((unsigned long) si->framebuffer_pci +
am.offset);
-
+
// add to list of overlays
node->next = vc->overlay_buffers;
node->prev = NULL;
if( node->next )
node->next->prev = node;
-
+
vc->overlay_buffers = node;
-
+
RELEASE_BEN( si->engine.lock );
-
+
SHOW_FLOW( 0, "success: mem_handle=%x, offset=%x, CPU-address=%x,
phys-address=%x",
node->mem_handle, node->mem_offset, buffer->buffer,
buffer->buffer_dma );
return buffer;
-
+
err:
+ free(node);
RELEASE_BEN( si->engine.lock );
return NULL;
}
@@ -180,20 +181,20 @@ status_t RELEASE_OVERLAY_BUFFER( const overlay_buffer *ob
)
overlay_buffer_node *node;
radeon_free_mem fm;
status_t result;
-
+
SHOW_FLOW0( 3, "" );
node = (overlay_buffer_node *)((char *)ob - offsetof(
overlay_buffer_node, buffer ));
-
+
if( si->active_overlay.on == node || si->active_overlay.prev_on )
Radeon_HideOverlay( ai );
- // free memory
+ // free memory
fm.magic = RADEON_PRIVATE_DATA_MAGIC;
fm.handle = node->mem_handle;
fm.memory_type = mt_local;
fm.global = false;
-
+
result = ioctl( ai->fd, RADEON_FREE_MEM, &fm );
if( result != B_OK ) {
SHOW_FLOW( 3, "ups - couldn't free memory (handle=%x,
status=%s)",
@@ -205,16 +206,16 @@ status_t RELEASE_OVERLAY_BUFFER( const overlay_buffer *ob
)
// remove from list
if( node->next )
node->next->prev = node->prev;
-
+
if( node->prev )
node->prev->next = node->next;
else
vc->overlay_buffers = node->next;
- RELEASE_BEN( si->engine.lock );
-
+ RELEASE_BEN( si->engine.lock );
+
SHOW_FLOW0( 3, "success" );
-
+
return B_OK;
}
@@ -229,11 +230,11 @@ status_t GET_OVERLAY_CONSTRAINTS( const display_mode *dm,
const overlay_buffer *
// which should know what it's doing
if( dm == NULL || ob == NULL || oc == NULL )
return B_BAD_VALUE;
-
+
// scaler input restrictions
// TBD: check all these values; I reckon that
// most of them are too restrictive
-
+
// position
oc->view.h_alignment = 0;
oc->view.v_alignment = 0;
@@ -281,7 +282,7 @@ status_t GET_OVERLAY_CONSTRAINTS( const display_mode *dm,
const overlay_buffer *
oc->h_scale.max = 1 << 12;
oc->v_scale.min = 1.0f / (1 << 4);
oc->v_scale.max = 1 << 12;
-
+
SHOW_FLOW0( 3, "success" );
return B_OK;
@@ -293,16 +294,16 @@ overlay_token ALLOCATE_OVERLAY( void )
{
shared_info *si = ai->si;
virtual_card *vc = ai->vc;
-
+
SHOW_FLOW0( 3, "" );
if( atomic_or( &si->overlay_mgr.inuse, 1 ) != 0 ) {
SHOW_FLOW0( 3, "already in use" );
return NULL;
}
-
+
SHOW_FLOW0( 3, "success" );
-
+
vc->uses_overlay = true;
return (void *)++si->overlay_mgr.token;
@@ -314,21 +315,21 @@ status_t RELEASE_OVERLAY(overlay_token ot)
{
virtual_card *vc = ai->vc;
shared_info *si = ai->si;
-
+
SHOW_FLOW0( 3, "" );
if( (void *)si->overlay_mgr.token != ot )
return B_BAD_VALUE;
-
+
if( si->overlay_mgr.inuse == 0 )
return B_ERROR;
-
+
if( si->active_overlay.on )
Radeon_HideOverlay( ai );
si->overlay_mgr.inuse = 0;
vc->uses_overlay = false;
-
+
SHOW_FLOW0( 3, "released" );
return B_OK;
@@ -368,10 +369,10 @@ status_t CONFIGURE_OVERLAY( overlay_token ot, const
overlay_buffer *ob,
si->pending_overlay.ov = *ov;
si->pending_overlay.on = (overlay_buffer_node *)((char *)ob - offsetof(
overlay_buffer_node, buffer ));
-
+
result = Radeon_UpdateOverlay( ai );
-
+
RELEASE_BEN( si->engine.lock );
-
+
return result;
}
############################################################################
Commit: d938c7118f2b200cbd07c0c3dc360889395edf4a
URL: https://git.haiku-os.org/haiku/commit/?id=d938c7118f2b
Author: Murai Takashi <tmurai01@xxxxxxxxx>
Date: Wed Feb 13 21:31:50 2019 UTC
Committer: waddlesplash <waddlesplash@xxxxxxxxx>
Commit-Date: Tue Feb 19 18:31:44 2019 UTC
userlandfs/server/fuse: Fix potential memory leak
* Fix potential leak of 'cookie' at line 2206, which is allocated
at line 2203. Pointed out by Clang Static Analyzer.
* Add NULL check to 'cookie'.
Change-Id: Ibfdbe3a52ceb0d29adf1acca51fb7b27d2c532f3
Reviewed-on: https://review.haiku-os.org/c/1065
Reviewed-by: Adrien Destugues <pulkomandy@xxxxxxxxx>
----------------------------------------------------------------------------
diff --git
a/src/add-ons/kernel/file_systems/userlandfs/server/fuse/FUSEVolume.cpp
b/src/add-ons/kernel/file_systems/userlandfs/server/fuse/FUSEVolume.cpp
index 1318096167..a358c74a04 100644
--- a/src/add-ons/kernel/file_systems/userlandfs/server/fuse/FUSEVolume.cpp
+++ b/src/add-ons/kernel/file_systems/userlandfs/server/fuse/FUSEVolume.cpp
@@ -2201,9 +2201,13 @@ FUSEVolume::OpenAttr(void* _node, const char* name, int
openMode,
}
AttrCookie* cookie = new(std::nothrow)AttrCookie(name);
+ if (cookie == NULL)
+ RETURN_ERROR(B_NO_MEMORY);
error = cookie->Allocate(attrSize);
- if (error != B_OK)
+ if (error != B_OK) {
+ delete cookie;
RETURN_ERROR(error);
+ }
int bytesRead = fuse_fs_getxattr(fFS, path, name, cookie->Buffer(),
attrSize);
############################################################################
Revision: hrev52895
Commit: a31244d098b7f249b0d0f2d89d3020ebd10d8ead
URL: https://git.haiku-os.org/haiku/commit/?id=a31244d098b7
Author: Murai Takashi <tmurai01@xxxxxxxxx>
Date: Wed Feb 13 21:28:33 2019 UTC
Committer: waddlesplash <waddlesplash@xxxxxxxxx>
Commit-Date: Tue Feb 19 18:31:44 2019 UTC
mail: Fix potential memory leak
Fix memory leak when realloc() failed.
Pointed out by Clang Static Analyzer.
Change-Id: I13f758c4d89275651e22785652d0880a6d5b1a8e
Reviewed-on: https://review.haiku-os.org/c/1064
Reviewed-by: Adrien Destugues <pulkomandy@xxxxxxxxx>
----------------------------------------------------------------------------
diff --git a/src/apps/mail/Content.cpp b/src/apps/mail/Content.cpp
index bd6f3bf0c1..716d97c282 100644
--- a/src/apps/mail/Content.cpp
+++ b/src/apps/mail/Content.cpp
@@ -3090,11 +3090,16 @@ TTextView::AddQuote(int32 start, int32 finish)
// add quote to this line
int32 lineLength = index - lastLine + 1;
- target = (char *)realloc(target, targetLength +
lineLength + quoteLength);
- if (target == NULL) {
- // free the old buffer?
+ char* newTarget = (char *)realloc(target,
+ targetLength + lineLength + quoteLength);
+ if (newTarget == NULL) {
+ // free the old buffer
+ free(target);
+ target = NULL;
free(text);
return;
+ } else {
+ target = newTarget;
}
// copy the quote sign
